Bitcoin Crisis Averted – DoS & Inflation Vulnerability Patched

Since its release in 2009, Bitcoin Core has dealt with several software bugs, yet only a few have been deemed as serious and high-risk. Recent reports indicate that a bug which essentially allowed anyone interested to crash the entire Bitcoin network has just been patched.

With this in mind, the bug in question has been described as a denial-of-service vulnerability. It worked by allowing miners to create a poisoned block containing a double-spend transaction. An attacker would simply need to send the block on the network, where it would crash the Bitcoin Core software of all receiving users. As Bitcoin is based on a peer-to-peer mechanism, the bug had major network-crashing potential. However, granted the way Bitcoin is built, the community would have been able to restore usage fairly quickly. Because of this, the attack wouldn’t have been entirely catastrophic for the coin, but rather fairly disruptive, bringing along increased price volatility.

It is important to point out that exploiting the bug was only possible if the attacker gave up his 12.5 BTC block discovery reward. According to Emin Gün Sirer, a professor of computer science, “for less than $80,000, you could have brought down the entire network (…) that is less money than what a lot of entities would pay for a 0-day attack on many systems. There are many motivated people like this, and they could have brought the network down.”

The bug, which has been classed as major and very scary, was not found in the Bitcoin protocol, but rather in Bitcoin Core, which is the network’s software implementation. Litecoin uses the same software, therefore its developers were also required to release a patch for the same bug. The same is the case for many altcoins which have been based on Bitcoin or Litecoin. Luckily, the vulnerability produced no consequences to the Bitcoin network. Yet, it does spark up several questions regarding software security, and what the Bitcoin community can do to avoid such bugs in the future.

Update September 22nd: Bitcoin Core Developers have released a statement, claiming the fix they released contained a Denial-of-Service component, alongside a critical inflation vulnerability. Both have been fixed, and at this time, more than 50% of the Bitcoin hashrate has upgraded. So far, there are no reports of the vulnerability being misused. Bitcoin Cash, Litecoin and Dash have also been exposed to the bug, and subsequently patched in response to the disclosure by Bitcoin Core.